Aggregator
CVE-2025-56233 | Openindiana 5.11 Sequence Number random values (EUVD-2025-31596)
CVE-2025-56234 | Nanda AT_NA2000 Sequence Number random values (EUVD-2025-31585)
CVE-2025-56449 | Obsidian Scheduler up to 6.3.0 REST API improper authentication (EUVD-2025-31578 / WID-SEC-2025-2158)
CVE-2025-57423 | MyClub 0.5 GET Request /articles sql injection (EUVD-2025-32490)
search_vulns: Search for known vulnerabilities in software
search_vulns can be used to search for known vulnerabilities in software. To achieve this, the tool utilizes a locally
The post search_vulns: Search for known vulnerabilities in software appeared first on Penetration Testing Tools.
Forced AI Upgrade: Australia Sues Microsoft Over Hidden 365 Fees
Microsoft has become the defendant in a lawsuit filed by the Australian Competition and Consumer Commission (ACCC), which
Again? Google Denies Gmail Breach as HIBP Credential Leak Causes Panic
Several media outlets have once again circulated false claims of a supposed large-scale data breach affecting Gmail, alleging
AI Deception: BlueNoroff APT Uses Fake Zoom Calls to Hack Web3 Executives
The BlueNoroff group — long linked to Lazarus — has begun incorporating generative AI into operations targeting executives
ChatGPT Atlas Flaw: Hackers Inject Persistent Commands into AI’s Memory
A newly discovered vulnerability in ChatGPT Atlas, the experimental browser developed by OpenAI, allows attackers to silently inject
Swift on Android is Here: New SDK Unlocks Cross-Platform Development
Swift has officially gained Android support — the Android Workgroup has announced the release of nightly builds of
Over 266,000 F5 BIG-IP Devices Exposed and at Risk of Remote Attack
The Shadowserver Foundation, an internet-security non-profit, has found that more than 266,000 F5 BIG-IP devices worldwide are exposed on the public internet, following the disclosure of a security breach by network-security vendor F5.
F5 stated that hackers had breached its network and stolen source code together with information about undisclosed BIG-IP security vulnerabilities, but that it has so far found no evidence of attackers leaking or exploiting those undisclosed flaws.
F5 also released patches fixing 44 vulnerabilities (including those whose details were stolen in the breach) and urged customers to update their devices as soon as possible. The company said: "Updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ and the APM client are now available. Although no undisclosed critical or remote code execution vulnerabilities have been found so far, we still strongly recommend updating BIG-IP software as soon as possible."
Shadowserver, which monitors the internet for exposed systems, has so far tracked 266,978 IP addresses bearing F5 BIG-IP fingerprints. Nearly half of them (over 142,000) are located in the United States, with another 100,000 spread across Europe and Asia.
However, there is currently no data showing how many of these devices have been hardened against attacks that could exploit the BIG-IP vulnerabilities disclosed this week.
[Figure: F5 devices exposed online]
CISA has issued an emergency directive setting out explicit requirements for US federal agencies:
1. By October 22, harden F5OS, BIG-IP TMOS, BIG-IQ and BNK/CNF products by installing the latest F5 security patches;
2. The remediation deadline for all other F5 hardware and software on the network is extended to October 31;
3. Disconnect and decommission all F5 devices that have reached end of support and are exposed to the public internet; such devices no longer receive patches and are highly likely to be compromised in an attack.
In recent years, both state-sponsored threat groups and cybercriminal gangs have made BIG-IP vulnerabilities a focus of their attacks, since these flaws enable a range of malicious actions:
· mapping the victim's internal servers;
· hijacking devices within the victim's network;
· breaching corporate networks and stealing sensitive files;
· deploying data-wiping malware.
In addition, a compromised F5 BIG-IP device can allow threat actors to steal credentials and application programming interface (API) keys, move laterally within the victim's network, and establish persistent control.
Throw Away Your Password Manager: Blind Users Have Proven That Braille on Paper Is More Reliable Than Modern Cyber Defenses
Values Over Dollars: Python Foundation Rejects $1.5M US Grant Over Anti-DEI Mandate
The Python Software Foundation (PSF)—the organization overseeing the development of the Python programming language—has declined a $1.5 million
Historic UN Cybercrime Convention Signed in Hanoi by 72 Nations
Seventy-two nations gathered in Hanoi, Vietnam, to sign the world’s first United Nations Convention on Cybercrime, establishing a
Microsoft Refuses to Mark Critical WSUS Flaw as Actively Exploited
Cyberthreat analysts are reporting active exploitation of a critical vulnerability in Windows Server Update Services (WSUS), identified as